Truly infected? Many false positives? AVs disagree.

No replies to this topic

#1 stefanzman

  • Members
  • 1 posts

Posted 10 July 2012 - 12:36 AM

Hello,

I have a peculiar situation with an XP SP3 computer, and it is difficult to ascertain the true status of the machine.

The customer claims that they were greeted with a notification about a virus, so they promptly ran a full scan with Lavasoft Adaware. After this was completed, numerous seemingly valid EXE files were relocated to quarantine.

Most of them were tagged with - LooksLike.Win32.InfectedFile!A (v)

Many of them were EXEs from commercial/vertical software programs that had been installed for years. Since it seemed highly unlikely that all these objects were truly infected, I restored them all.

The machine is running OK. There are some quirks and performance issues, but nothing very ominous.

I have since installed and run Malwarebytes, and it found a couple of believable threats that were removed.

I then ran a Kaspersky and AVIRA scan on the machine. Both of these found multiple infected EXE files again. So I submitted a handful of these to VirusTotal, and the results were all over the map. Many files were found clean, but others got several hits (New WIN32, W32/Pift, Virus.Win32.Suspic.gen). One of these hits was a component of the freshly installed Malwarebytes program (mabamgui.exe).

Not to be deterred, I just downloaded and ran the ESET online scanner. And... it found NOTHING.

What in the world am I supposed to make of this? Is there a reasonably certain way that I can confirm/deny the infection on this box?

I cannot recall when I have seen so much disagreement amongst the major AV vendors for a given machine.

Thanks much in advance for any suggestions/guidance.

Stefan
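One way to make sense of verdicts that are "all over the map", as an added example that is not part of the original post and not a tool from any of the vendors named in it: treat heuristic or generic detection names (LooksLike.*, *.Suspic.gen, "New WIN32") as weaker evidence than several engines naming the same specific family, and treat a file whose hash matches the publisher's own published hash as a false positive regardless of what flagged it. The engine names, file paths, hashes and per-engine results below are all constructed stand-ins; the regular expression of "generic" markers is an assumption built from the names quoted in the post plus common vendor naming habits, not an authoritative list.

```python
"""Weigh conflicting AV verdicts for a set of files (constructed sample data)."""
import hashlib
import re
from dataclasses import dataclass

# Assumption: detection names containing these markers are heuristic/generic
# verdicts rather than a named malware family. Built from the names quoted in
# the post (LooksLike.*, Suspic.gen, "New WIN32") plus common vendor conventions.
GENERIC_MARKERS = re.compile(
    r"(?i)lookslike|suspic|heur|generic|\bgen\b|new\s*win32|unknown"
)


@dataclass
class FileVerdict:
    path: str
    sha256: str
    detections: dict          # engine name -> detection name ("" means clean)
    vendor_sha256: str = ""   # hash published by the software's vendor, if known


def sha256_hex(data: bytes) -> str:
    """Hash of the file contents; compare this against a vendor-published hash."""
    return hashlib.sha256(data).hexdigest()


def is_generic(name: str) -> bool:
    """True when a detection name looks heuristic/generic rather than family-specific."""
    return bool(GENERIC_MARKERS.search(name))


def classify(v: FileVerdict) -> dict:
    """Summarise one file's verdicts into counts and a plain-language label."""
    hits = {engine: name for engine, name in v.detections.items() if name}
    total = len(v.detections)
    specific = sum(1 for name in hits.values() if not is_generic(name))
    generic = len(hits) - specific
    ratio = len(hits) / total if total else 0.0

    if v.vendor_sha256 and v.vendor_sha256.lower() == v.sha256.lower():
        label = "matches publisher hash: treat detections as false positives"
    elif not hits:
        label = "no detections"
    elif specific >= 2:
        label = "likely infected: multiple engines name a specific family"
    elif generic and specific == 0:
        label = "heuristic-only detections: low confidence, verify the file"
    else:
        label = "single specific detection: inconclusive, verify the file"

    return {"path": v.path, "hits": len(hits), "engines": total,
            "ratio": round(ratio, 2), "specific": specific,
            "generic": generic, "label": label}


# Constructed engine names and per-file results mirroring the situation in the post.
ENGINES = ["EngineA", "EngineB", "EngineC", "EngineD", "EngineE"]


def _verdicts(names):
    """Pair the constructed engine list with one detection name per engine."""
    return dict(zip(ENGINES, names))


GOOD_BYTES = b"constructed stand-in for a clean scanner GUI component"
GOOD_HASH = sha256_hex(GOOD_BYTES)   # plays the role of a vendor-published hash

SAMPLES = [
    # One generic hit on a freshly installed, hash-verified component.
    FileVerdict("C:\\Program Files\\ScanTool\\gui.exe", GOOD_HASH,
                _verdicts(["", "Virus.Win32.Suspic.gen", "", "", ""]),
                vendor_sha256=GOOD_HASH),
    # Old vertical-application EXE flagged only by heuristic names.
    FileVerdict("C:\\Apps\\Vertical\\billing.exe", sha256_hex(b"constructed 2"),
                _verdicts(["LooksLike.Win32.InfectedFile!A (v)", "New WIN32", "", "", ""])),
    # Several engines agree on a specific family name.
    FileVerdict("C:\\Apps\\Vertical\\update.exe", sha256_hex(b"constructed 3"),
                _verdicts(["W32/Pift", "W32/Pift", "Virus.Win32.Suspic.gen", "W32/Pift.A", ""])),
    # Clean everywhere.
    FileVerdict("C:\\Apps\\Vertical\\report.exe", sha256_hex(b"constructed 4"),
                _verdicts(["", "", "", "", ""])),
]


def triage(samples=SAMPLES):
    """Classify every file and order the list so the strongest evidence comes first."""
    return sorted((classify(v) for v in samples),
                  key=lambda r: (-r["specific"], -r["hits"]))


if __name__ == "__main__":
    for r in triage():
        print(f"{r['hits']}/{r['engines']}  {r['label']:<64} {r['path']}")
```

The ordering puts files that several engines tie to a specific family at the top, which is where verification effort (restoring from install media, comparing against a vendor hash, checking the file's digital signature) pays off first; a lone "Suspic.gen" on a file whose hash the publisher vouches for is exactly the kind of hit the post describes on the Malwarebytes component.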
